CVE-2014-6086 — Sensitive Information Exposure in IBM Security Access Manager FOR Mobile

CWE-200 — Sensitive Information Exposure4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
0.3%
top 50.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Security Access Manager FOR MobileIBM Security Access Manager FOR WEB
Timeline
PublishedDec 18
Latest updateMay 17

Description

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not ensure that HTTPS is used, which allows remote attackers to obtain sensitive information by sniffing the network during an HTTP session.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

â–¶NVDibm/security_access_manager8.0, 7.0+1

🔴Vulnerability Details

2
GHSA
GHSA-594c-cj4c-3wj3: IBM Security Access Manager for Mobile 8↗2022-05-17
â–¶
CVEList
CVE-2014-6086: IBM Security Access Manager for Mobile 8↗2014-12-18
â–¶

💬Community

1
Bugzilla
CVE-2014-0007 foreman-proxy: smart-proxy remote command injection↗2014-06-06
â–¶
CVE-2014-6086 — Sensitive Information Exposure in IBM | cvebase